QuickStudy: Fighting Spam

Computerworld - Listen to the Computerworld TechCast: Fighting Spam

Every day most of us get e-mail offering to sell us drugs (especially Viagra), vacations, ways to enlarge specific parts of our bodies, get-rich-quick schemes, cable-television descramblers, lower mortgage rates and Internet-based pornography. I don't want it, and neither do you. Spam has become a serious and growing problem for Internet users, affecting individuals and corporations alike.

Spam costs its recipients money. David Ferris, president of San Francisco-based Ferris Research, estimates that spam and efforts to combat it cost U.S. companies $8.9 billion in 2002.

In a December 2002 report, Gartner Inc. analyst Joyce Graff predicted that "by 2004, unless an enterprise takes defensive action, more than 50% of its message traffic will be spam." Ferris analyst Marten Nelson pegs the volume of spam at 20% to 30% of corporate traffic and 40% to 50% of Internet service provider traffic. Nelson says that CIOs and corporate messaging managers should consider three major elements in determining the impact of spam.

"First, you need to look at the costs associated with loss of user productivity, then the cost to the messaging infrastructure and finally the cost to your help desk in dealing with user complaints," he says.

Strategies

There are dozens of products and services available to help block spam. They use the following basic techniques:

• Blacklist the sender. Get a list of spammers' addresses and block any e-mail from those addresses. This can't block spam from new addresses, however, so there's a constant race between the spammers and the spam-fighters. At times, the blockers get too eager and may shut off all mail from a specific domain name, blocking legitimate messages from nonspamming users.

• "Whitelist" the sender. The opposite approach is to accept e-mail only from a list of approved addresses. This is highly effective but not terribly practical, especially for business users who want to hear from new customers.

• Look for telltale signs. Spam messages tend to have a lot of features in common. According to CipherTrust Inc., some of the more common elements found in the subject lines of spam are "$," "!," "999," "Credit," "Earn," "FREE," "Free," "Get," "Lose" and "Money."

• Keep score. Much antispam software relies on analyzing message IDs, formats and other traits, assigning values to each identified feature and adding up a numerical score for new messages. If the score exceeds a specified limit, it's considered spam and is blocked. Unfortunately, this approach delivers a lot of false positives, rejecting mail that isn't spam.